Re: make release problem with -current
Op 6 nov. 2013 om 05:23 heeft Scott McEachern sc...@blackstaff.ca het volgende geschreven: On 11/05/13 23:02, Philip Guenther wrote: On Tue, Nov 5, 2013 at 7:33 PM, Scott McEachern sc...@blackstaff.ca wrote: On 11/05/13 22:29, Ted Unangst wrote: On Tue, Nov 05, 2013 at 22:18, Scott McEachern wrote: Anyone else running into this when running make release with -current? vnconfig -v -c vnd0 /var/tmp/image.11200 vnconfig: VNDIOCSET: Device busy Are you already using vnd0? No, not intentionally at least. So you've used vnconfig -l to see what it's currently bound to and... # vnconfig -l vnd0: covering /var/tmp/image.28401 on sd0e, inode 12 vnd1: not in use vnd2: not in use vnd3: not in use I'm not sure if that's from something earlier in the build process, or possibly from a failed build the other night. Either way, I'm going to just nuke it all, install from scratch, and see how that goes. I'll bet it will work just fine.. Unconfig and restart should do it. -Otto -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: RJ11 on Alix 2d13 with OpenBSD
On 2013-11-06, James Hartley jjhart...@gmail.com wrote: On Tue, Nov 5, 2013 at 5:50 PM, Stuart Henderson s...@spacehopper.orgwrote: On 2013-11-05, Lo�c BLOT loic.b...@unix-experience.fr wrote: I would test to plug RJ11 cable (from my ADSL line, behind the ADSL filter) to the RJ45 plug but it seems this doesn't work (no carrier). Is this possible ? No, and in some cases you may damage the nic.. I apologize for the tangential question. On Amazon, I've located cables with a RJ11 connector on one end, a RJ45 on the other. Is using this type of cable to connect an Alix directly to the phone line discouraged? Thanks for any enlightenment. If this works, then you can probably also use http://tinyurl.com/9zna22 (design instructions at http://tinyurl.com/6yrqvt9) to connect your computer to a powerline network. (Probably best to turn off the switch at the wall socket before connecting it up - safety first!). Also did you know you can use your tongue to detect incoming calls on a phone line?!
Re: KVM card in HP MicroServer
Hello Joe, On 02/11/13(Sat) 13:58, Joe Gidi wrote: I have an HP MicroServer N36L with HP's remote management card installed. The card provides KVM-over-IP by presenting a video device and an emulated USB keyboard and mouse to the system. The KVM is accessed via a Java (ugh) applet in the card's web GUI. When I open the KVM session, the video display works fine, and the emulated keyboard works at the boot prompt. However, it doesn't work on the console once the system has booted. I don't see an error anywhere, but typing into the KVM session simply has no effect at all. Opening the KVM session after the system is booted causes this to appear in the dmesg; apparently it's disconnecting and reconnecting the emulated keyboard and mouse: Nov 2 13:39:11 microserver /bsd: wskbd0: disconnecting from wsdisplay0 Nov 2 13:39:11 microserver /bsd: wskbd0 detached Nov 2 13:39:11 microserver /bsd: ukbd0 detached Nov 2 13:39:11 microserver /bsd: uhidev0 detached Nov 2 13:39:11 microserver /bsd: wsmouse0 detached Nov 2 13:39:11 microserver /bsd: ums0 detached Nov 2 13:39:11 microserver /bsd: uhidev1 detached Nov 2 13:39:11 microserver /bsd: wsmouse1 detached Nov 2 13:39:11 microserver /bsd: ums1 detached Nov 2 13:39:11 microserver /bsd: uhidev2 detached Nov 2 13:39:19 microserver /bsd: uhidev0 at uhub1 Nov 2 13:39:19 microserver /bsd: port 2 configuration 1 interface 0 Avocent USB Composite Device-0 rev 2.00/0.00 addr 2 Nov 2 13:39:19 microserver /bsd: uhidev0: iclass 3/1 Nov 2 13:39:19 microserver /bsd: ukbd0 at uhidev0: 8 variable keys, 6 key codes Nov 2 13:39:19 microserver /bsd: wskbd0 at ukbd0 mux 1 Nov 2 13:39:19 microserver /bsd: wskbd0: connecting to wsdisplay0 Nov 2 13:39:19 microserver /bsd: uhidev1 at uhub1 Nov 2 13:39:19 microserver /bsd: port 2 configuration 1 interface 1 Avocent USB Composite Device-0 rev 2.00/0.00 addr 2 Nov 2 13:39:19 microserver /bsd: uhidev1: iclass 3/1 Nov 2 13:39:19 microserver /bsd: ums0 at uhidev1: 3 buttons, Z dir Nov 2 13:39:19 microserver /bsd: wsmouse0 at ums0 mux 0 Nov 2 13:39:19 microserver /bsd: uhidev2 at uhub1 Nov 2 13:39:19 microserver /bsd: port 2 configuration 1 interface 2 Avocent USB Composite Device-0 rev 2.00/0.00 addr 2 Nov 2 13:39:19 microserver /bsd: uhidev2: iclass 3/1 Nov 2 13:39:19 microserver /bsd: ums1 at uhidev2: 3 buttons, Z dir Nov 2 13:39:19 microserver /bsd: wsmouse1 at ums1 mux 0 The system is currently running 5.3/amd64; I plan to upgrade to 5.4 in the next week or so. Full dmesg is included below. Any ideas on how I can start troubleshooting this? Thanks for any suggestions. Some changes have been made in this area, post 5.3 to fix a ukbd(4) attach problem and post 5.4 to fix issues with USB KVM. So the first thing you can try is a -current snapshot. Tell me if it helps ;) If your problem is still present, could you compile a kernel defining EHCI_DEBUG and USB_DEBUG, then set ehci_debug = 3 and usbdebug = 6 and send me the corresponding dmesg? Regards, Martin
scramble.io and firefox
hi there, i was trying to give scramble.io a try but firefox seems to be stuck 31853 f 640 209M 208M onproc/3 thrslee 3:05 98.58% firefox for ages. this is a slow netbook so i am just asking if someone with a proper quick machine could give this a go and tell me if it works and i just need to be more patient, or with openbsd's firefox it is not going to work. thanks -f -- people have one thing in common, they're all different.
Re: UEFI
On Nov 5, 2013, at 10:49 AM, pe...@bsdly.net (Peter N. M. Hansteen) wrote: sven falempin sven.falem...@gmail.com writes: My laptop has no BIOS. What do you recommend to get openBSD on it ? It's not entirely uncommon to have a (sometimes quite well hidden) option to choose 'legacy mode' or similar over UEFI mode. But you should be prepared to dig out the long form user or service manual for your device to track down just how to enable it. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. [...] +1, laptops do have legacy mode for older operating systems. Did the same thing for my X230. -Amarendra
Re: UEFI
just install another 'os' like ubuntu-desktop on your laptop first. openbsd will install on it flawlessly after that, it did on mine. and yes, there was no need to change any options anywhere.
Re: make release problem with -current
On Tue, Nov 05, 2013 at 11:23:26PM -0500, Scott McEachern wrote: On 11/05/13 23:02, Philip Guenther wrote: On Tue, Nov 5, 2013 at 7:33 PM, Scott McEachern sc...@blackstaff.ca wrote: On 11/05/13 22:29, Ted Unangst wrote: On Tue, Nov 05, 2013 at 22:18, Scott McEachern wrote: Anyone else running into this when running make release with -current? vnconfig -v -c vnd0 /var/tmp/image.11200 vnconfig: VNDIOCSET: Device busy Are you already using vnd0? No, not intentionally at least. So you've used vnconfig -l to see what it's currently bound to and... # vnconfig -l vnd0: covering /var/tmp/image.28401 on sd0e, inode 12 vnd1: not in use vnd2: not in use vnd3: not in use This is why I ended up with /sbin/umount /mnt /sbin/vnconfig -u vnd0 in the script I use to invoke make build make release. :-) Ken I'm not sure if that's from something earlier in the build process, or possibly from a failed build the other night. Either way, I'm going to just nuke it all, install from scratch, and see how that goes. I'll bet it will work just fine.. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: UEFI
On Wed, Nov 06, 2013 at 09:49:44AM -0500, Mayuresh Kathe wrote: just install another 'os' like ubuntu-desktop on your laptop first. openbsd will install on it flawlessly after that, it did on mine. and yes, there was no need to change any options anywhere. On my daughter's brand spanking new Lenovo Ideapad $something Touch, we needed to set the BIOS to 'legacy mode' in order to have it boot into the Ubuntu installer and then choose some obscure linux kernel parameter for it to switch to a usable graphics mode for the installer to complete. For some reason she wanted her laptop on Ubuntu and to use it herself from that point on. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: UEFI
On Wed, Nov 6, 2013 at 10:44 AM, Peter N. M. Hansteen pe...@bsdly.netwrote: On Wed, Nov 06, 2013 at 09:49:44AM -0500, Mayuresh Kathe wrote: just install another 'os' like ubuntu-desktop on your laptop first. openbsd will install on it flawlessly after that, it did on mine. and yes, there was no need to change any options anywhere. On my daughter's brand spanking new Lenovo Ideapad $something Touch, we needed to set the BIOS to 'legacy mode' in order to have it boot into the Ubuntu installer and then choose some obscure linux kernel parameter for it to switch to a usable graphics mode for the installer to complete. For some reason she wanted her laptop on Ubuntu and to use it herself from that point on. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. Why you people are talking about your Lenovo experience ? are you salesman ? *facepalm* -- - () ascii ribbon campaign - against html e-mail /\
Re: UEFI
On Wed, Nov 6, 2013 at 7:53 AM, sven falempin sven.falem...@gmail.com wrote: Why you people are talking about your Lenovo experience ? are you salesman ? Because talking in the abstract with absolutely no details about the real product involved isn't helpful. Hi, I'm having a problem, but I'm not going to describe at all what hardware or vendor is involved, or even what type of CPU. And please don't talk about real-world examples of your own. Given the lack of data, I'll answer your original question: What do you recommend to get openBSD on it ? Return it to the unknown/unnamed vendor and get a different box. Philip Guenther
Re: UEFI
On Nov 6, 2013, at 7:53 AM, sven falempin sven.falem...@gmail.com wrote: On Wed, Nov 6, 2013 at 10:44 AM, Peter N. M. Hansteen pe...@bsdly.netwrote: On Wed, Nov 06, 2013 at 09:49:44AM -0500, Mayuresh Kathe wrote: just install another 'os' like ubuntu-desktop on your laptop first. openbsd will install on it flawlessly after that, it did on mine. and yes, there was no need to change any options anywhere. On my daughter's brand spanking new Lenovo Ideapad $something Touch, we needed to set the BIOS to 'legacy mode' in order to have it boot into the Ubuntu installer and then choose some obscure linux kernel parameter for it to switch to a usable graphics mode for the installer to complete. For some reason she wanted her laptop on Ubuntu and to use it herself from that point on. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. Why you people are talking about your Lenovo experience ? are you salesman ? *facepalm* [...] Oh damn right - you see Peter is Lenovo's Taiwan head, Mayuresh manages their APAC sales and I handle North America sales! ROFL. For your laptop, did you probe BIOS options as Peter suggested? The answer is a simple yes or no *hint* -ag -- sent via 100% recycled electrons from my mobile command center.
Re: UEFI
On Wed, Nov 6, 2013 at 11:20 AM, ag@gmail amarendra.godb...@gmail.comwrote: On Nov 6, 2013, at 7:53 AM, sven falempin sven.falem...@gmail.com wrote: On Wed, Nov 6, 2013 at 10:44 AM, Peter N. M. Hansteen pe...@bsdly.net wrote: On Wed, Nov 06, 2013 at 09:49:44AM -0500, Mayuresh Kathe wrote: just install another 'os' like ubuntu-desktop on your laptop first. openbsd will install on it flawlessly after that, it did on mine. and yes, there was no need to change any options anywhere. On my daughter's brand spanking new Lenovo Ideapad $something Touch, we needed to set the BIOS to 'legacy mode' in order to have it boot into the Ubuntu installer and then choose some obscure linux kernel parameter for it to switch to a usable graphics mode for the installer to complete. For some reason she wanted her laptop on Ubuntu and to use it herself from that point on. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. Why you people are talking about your Lenovo experience ? are you salesman ? *facepalm* [...] Oh damn right - you see Peter is Lenovo's Taiwan head, Mayuresh manages their APAC sales and I handle North America sales! ROFL. I knew it :D For your laptop, did you probe BIOS options as Peter suggested? The answer is a simple yes or no *hint* Yes i spend a lot of times in the settings disabling the secure boot and trying to boot various OSes changing the settings, even with ESXi (the best result i got was with this one). because you are all asking for trivia: This is a ASUS N76V But i do not want to go back to legacy BIOS, the laptop got a supported restoration working with it, i do not want to break it. I found some kind of uefi code a long time ago and lost the reference , i was hopping someone knows about some kind of firmware that would emulate the BIOS work. The goal is to boot over usb, i had linux/windows/openbsd and more 10 years ago on a computer i do not want to have this madness again. -ag -- sent via 100% recycled electrons from my mobile command center. -- - () ascii ribbon campaign - against html e-mail /\
Re: UEFI
because you are all asking for trivia: This is a ASUS N76V Bullshit. That is not trivia. That's the important bit.
Re: UEFI
On Tue, Nov 05, 2013 at 04:29:04PM -0500, sven falempin wrote: On Tue, Nov 5, 2013 at 1:49 PM, Peter N. M. Hansteen pe...@bsdly.netwrote: sven falempin sven.falem...@gmail.com writes: My laptop has no BIOS. What do you recommend to get openBSD on it ? It's not entirely uncommon to have a (sometimes quite well hidden) option to choose 'legacy mode' or similar over UEFI mode. But you should be prepared to dig out the long form user or service manual for your device to track down just how to enable it. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. Not helping . Try holding down [Esc], [F2], [F8], or [Del] directly after power on, or as suggested find the manual for the laptop to figure out how to get into the BIOS. Then enable legacy boot and disable secure boot. Did someone use grub 2 to achieve a uefi boot ? -- - () ascii ribbon campaign - against html e-mail /\ -- / Raimo Niskanen, Erlang/OTP, Ericsson AB
Re: UEFI
because you are all asking for trivia: This is a ASUS N76V Bullshit. That is not trivia. That's the important bit. Okay now that we know what model you have. I can tell you that it has a legacy mode and boots OpenBSD just fine in that mode. You said that you want to keep the recovery stuff from ASUS and that presumably is why you want the laptop to remain using UEFI (I dont understand this but that's your choice). So simple solution, remove the HD that the laptop shipped with and throw it in a drawer to save. Put in a new 7200rpm drive and switch it over to legacy. Far better to spend the 100ish bucks on a HD then waste your time dealing with the UEFI crap. The laptop has other major issues with the hybrid Intel/Nvidia graphics though... I had one and got rid of it since it only played nice with Windows 8 and sorta put up with Linux. -- | _ ASCII Ribbon Eric S Pulley | ( ) Campaign Against pul...@dabus.com | X HTML Mail | / \ www.asciiribbon.org
Re: Weard security report
http://sans.org/ English Version (PDF) http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201311_en.pdf English Version (.epub -- tablets only) http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201311_eneb.epub Translations Archives http://www.securingthehuman.org/ouch In addition, we have a new video of the month: Encryption. Encryption is often emphasized as one of the key methods to secure data, yet many people do not understand what it is or how it works. This video explains encryption using simple and easy to understand terms. http://www.securingthehuman.org/resources/ncsam Thanks! Lance Spitzner Training Director, SANS Securing The Human Program Mobile: +1.708.557.6006 Skype/Twitter: lspitzner Blog: www.securingthehuman.org/blog To change your subscription information please visit https://www.sans.org/account/subscriptions. SANS Institute, 8120 Woodmont Ave., Suite 205, Bethesda, MD 20814-2743 -BEGIN PGP SIGNATURE- iD8DBQFSemK/+LUG5KFpTkYRAoZ9AKCKX3PlafenVTPyPQWV0IKeBLUQXwCfdmpF lg2Gf3qsxI5YaDkMzPrdwaI= =khCV -END PGP SIGNATURE- On Thu, 7/11/13, sven falempin sven.falem...@gmail.com wrote: Subject: Re: Weard security report To: t...@openbsd.org t...@openbsd.org Received: Thursday, 7 November, 2013, 3:49 AM On Wed, Nov 6, 2013 at 11:43 AM, Alexander Hall alexan...@beard.se wrote: Joerg Sonnenberger jo...@britannica.bec.de wrote: On Wed, Nov 06, 2013 at 10:24:53AM -0500, sven falempin wrote: == /var/db/cloud.json diffs (-OLD +NEW) == --- /dev/null Fri Oct 25 01:30:33 2013 +++ /var/db/cloud.json Thu Oct 17 17:21:15 2013 This just means that the file was created as opposed to empty. Joerg But if his previous security run indicated there was one, I suspect he lost the one in / var/backup somewhere on the way. Repartitioning? /Alexander Sorry i didn't add this info in the first mail. First thing i checked , Only one partition :-( Is this possible if a reboot occur while the daily is running (i guess no but...) ? -- - () ascii ribbon campaign - against html e-mail /\
Re: RJ11 on Alix 2d13 with OpenBSD
Chris Cappuccio ch...@nmedia.net wrote: Mr. Pugsley, an ethernet NIC includes a Modulator and Demodulator for any of 10BaseT, 100BaseTX, 1000BaseT, 1BaseThingies, fiber versions of the same, and so on. Wait, wait, Ethernet is baseband, so there is no (de)modulator. -- Christian naddy Weisgerber na...@mips.inka.de
Re: Help building Node module on OpenBSD
Thanks again Aaron, I really appreciate it. Sharing this back to the list for them other Node heads out there. All the best! O.D. On 6. november 2013 at 5:33 PM, Aaron Bieber def...@gmail.com wrote: On Wed, Nov 06, 2013 at 04:03:43PM +, openda...@hushmail.com wrote: On 6. november 2013 at 3:56 PM, Aaron Bieber def...@gmail.com wrote: Perfect - that's what we want :P Now do the export LDFLAGS=-L/usr/local/lib and it will build fine. Wow, what exactly happened here? :) It works! Thank you so much! Not 100% sure, but something was preventing /usr/local/lib/node_modules/node-gyp/gyp/gyp from picking up the gyp you had installed, so it was defaulting to the internal node version. The requirement for LDFLAGS being set is because some node modules only look in /usr/lib when they do the linking. 5.5 will have a fix that forces gyp to be installed as a node dependency. 5.4 works fine as long as gyp is installed. Also, in 5.4 everything should work flawless right? O.D. % npm install fibers npm http GET https://registry.npmjs.org/fibers npm http 304 https://registry.npmjs.org/fibers fibers@1.0.1 install /home/opendaddy/myapp/node_modules/fibers node ./build.js gmake: Entering directory `/home/opendaddy/myapp/node_modules/fibers/build' g++ '-D_LARGEFILE_SOURCE' '-D_FILE_OFFSET_BITS=64' '- DUSE_CORO' '-DCORO_GUARDPAGES=1' '-DCORO_ASM' '- DBUILDING_NODE_EXTENSION' -I/home/opendaddy/myapp/.node- gyp/0.8.18/src -I/home/opendaddy/myapp/.node- gyp/0.8.18/deps/uv/include -I/home/opendaddy/myapp/.node- gyp/0.8.18/deps/v8/include -I/usr/include -fPIC -Wall -pthread - m64 -O2 -fno-strict-aliasing -fno-tree-vrp -fno-tree-sink -fno- rtti -fno-exceptions -MMD -MF ./Release/.deps/Release/obj.target/fibers/src/fibers.o.d.raw - c - o Release/obj.target/fibers/src/fibers.o ../src/fibers.cc g++ '-D_LARGEFILE_SOURCE' '-D_FILE_OFFSET_BITS=64' '- DUSE_CORO' '-DCORO_GUARDPAGES=1' '-DCORO_ASM' '- DBUILDING_NODE_EXTENSION' -I/home/opendaddy/myapp/.node- gyp/0.8.18/src -I/home/opendaddy/myapp/.node- gyp/0.8.18/deps/uv/include -I/home/opendaddy/myapp/.node- gyp/0.8.18/deps/v8/include -I/usr/include -fPIC -Wall -pthread - m64 -O2 -fno-strict-aliasing -fno-tree-vrp -fno-tree-sink -fno- rtti -fno-exceptions -MMD -MF ./Release/.deps/Release/obj.target/fibers/src/coroutine.o.d.raw - c -o Release/obj.target/fibers/src/coroutine.o ../src/coroutine.cc cc '-D_LARGEFILE_SOURCE' '-D_FILE_OFFSET_BITS=64' '- DUSE_CORO' '-DCORO_GUARDPAGES=1' '-DCORO_ASM' '-DBUILDING_NODE_EXTENSION' - I/home/opendaddy/myapp/.node-gyp/0.8.18/src - I/home/opendaddy/myapp/.node-gyp/0.8.18/deps/uv/include - I/home/opendaddy/myapp/.node-gyp/0.8.18/deps/v8/include - I/usr/include -fPIC -Wall -pthread -m64 -O2 -fno-strict- aliasing - fno-tree-vrp -fno-tree-sink -MMD -MF ./Release/.deps/Release/obj.target/fibers/src/libcoro/coro.o.d.ra w -c -o Release/obj.target/fibers/src/libcoro/coro.o ../src/libcoro/coro.c flock ./Release/linker.lock g++ -shared -pthread -rdynamic - m64 -pthread -Wl,-soname=fibers.node -o Release/obj.target/fibers.node -Wl,--start-group Release/obj.target/fibers/src/fibers.o Release/obj.target/fibers/src/coroutine.o Release/obj.target/fibers/src/libcoro/coro.o -Wl,--end-group - lz - lv8 -L/usr/lib -lssl -lcrypto /usr/bin/ld: cannot find -lv8 collect2: ld returned 1 exit status gmake: *** [Release/obj.target/fibers.node] Error 1 gmake: Leaving directory `/home/opendaddy/myapp/node_modules/fibers/build' gyp ERR! build error gyp ERR! stack Error: `gmake` failed with exit code: 2 gyp ERR! stack at ChildProcess.onExit (/usr/local/lib/node_modules/node-gyp/lib/build.js:257:23) gyp ERR! stack at ChildProcess.EventEmitter.emit (events.js:99:17) gyp ERR! stack at Process.ChildProcess._handle.onexit (child_process.js:678:10) gyp ERR! System OpenBSD 5.3 gyp ERR! command node /usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node- gyp.js rebuild gyp ERR! cwd /home/opendaddy/myapp/node_modules/fibers gyp ERR! node -v v0.8.18 gyp ERR! node-gyp -v v0.8.2 gyp ERR! not ok Build failed npm ERR! fibers@1.0.1 install: `node ./build.js` npm ERR! `sh -c node ./build.js` failed with 1 npm ERR! npm ERR! Failed at the fibers@1.0.1 install script. npm ERR! This is most likely a problem with the fibers package, npm ERR! not with npm itself. npm ERR! Tell the author that this fails on your system: npm ERR! node ./build.js npm ERR! You can get their info via: npm ERR! npm owner ls fibers npm ERR! There is likely additional logging output above. npm ERR! System OpenBSD 5.3 npm ERR! command /usr/local/bin/node /usr/local/bin/npm install fibers npm ERR! cwd /home/opendaddy/myapp npm ERR! node -v v0.8.18 npm ERR! npm -v 1.2.2 npm ERR! code ELIFECYCLE npm ERR! npm ERR! Additional logging details can be found in: npm ERR!
BCM5720, Dell R320 and OpenBSD 5.4
Hi all, congrats to OpenBSD team, it seems the BCM5720 on Dell R320 is working fine since the many recent changes on bge driver ! A testing R320 is running since 8 hours at 560MB up + 560MB down with LACP trunks (on 5.3 LACP trunks with BCM freeze the server, and without, freeze are there but less frequent). My bench is composed of two dd if=/dev/random | ssh user@server dd of=/dev/null (one of the Dell R320 and one from another server. Are there any network stressing benchmarks i can do on OpenBSD to test a little more the hardware configuration ? -- Best regards, Loïc BLOT, UNIX systems, security and network engineer http://www.unix-experience.fr [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Sudo no longer working with RADIUS logins after upgrade to 5.4
We're seeing a strange issue where logging into a newly-upgraded 5.4 machine with a RADIUS login works fine, but when trying to use sudo to execute commands, I get incorrect password attempts in /var/log/secure. Transcript of this (server name censored to foo, user censored to user), log messages, and dmesg follow, any help or insight would be very much appreciated. Sudo worked perfectly fine with this same user before the upgrade: $ ssh foo user@foo's password: Last login: Wed Nov 6 11:04:55 2013 from .***.net OpenBSD 5.4 (GENERIC.MP) #44: Tue Jul 30 12:13:32 MDT 2013 Welcome to OpenBSD: The proactively secure Unix-like operating system. Please use the sendbug(1) utility to report bugs in the system. Before reporting a bug, please try to reproduce it with the latest version of the code. With bug reports, please try to ensure that enough information to reproduce the problem is enclosed, and if a known fix for it exists, include that as well. [foo:~]$ sudo whoami We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. Password: Where did you learn to type? Password: My pet ferret can type better than you! Password: Do you think like you type? sudo: 3 incorrect password attempts [foo:~]$ From /var/log/secure: Nov 6 11:11:11 foo sudo: user : 3 incorrect password attempts ; TTY=ttyp1 ; PWD=/home/user ; USER=root ; COMMAND=/usr/bin/whoami Dmesg: OpenBSD 5.4 (GENERIC.MP) #44: Tue Jul 30 12:13:32 MDT 2013 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,LAHF,PERF real mem = 2138222592 (2039MB) avail mem = 2091827200 (1994MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 07/10/09, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.5 @ 0xfd170 (27 entries) bios0: vendor American Megatrends Inc. version 1.0a date 07/10/2009 bios0: Supermicro X7SLA acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP APIC MCFG SLIC OEMB acpi0: wakeup devices P0P2(S4) P0P1(S4) PS2K(S4) PS2M(S4) EUSB(S4) MC97(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) LAN0(S1) P0P9(S4) LAN1(S1) USB0(S4) USB1(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 133MHz cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,LAHF,PERF cpu2 at mainbus0: apid 1 (application processor) cpu2: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz cpu2: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,LAHF,PERF cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz cpu3: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,LAHF,PERF ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 1, remapped to apid 4 acpimcfg0 at acpi0 addr 0xf000, bus 0-63 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (P0P2) acpiprt2 at acpi0: bus 4 (P0P1) acpiprt3 at acpi0: bus 1 (P0P4) acpiprt4 at acpi0: bus -1 (P0P5) acpiprt5 at acpi0: bus -1 (P0P6) acpiprt6 at acpi0: bus -1 (P0P7) acpiprt7 at acpi0: bus 2 (P0P8) acpiprt8 at acpi0: bus 3 (P0P9) acpicpu0 at acpi0 acpicpu1 at acpi0 acpicpu2 at acpi0 acpicpu3 at acpi0 acpibtn0 at acpi0: SLPB acpibtn1 at acpi0: PWRB bios0: ROM list: 0xc/0xaa00! pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82945G Host rev 0x02 vga1 at pci0 dev 2 function 0 Intel 82945G Video rev 0x02 intagp0 at vga1 agp0 at intagp0: aperture at 0xe000, size 0x1000 inteldrm0 at vga1 drm0 at inteldrm0 error: [drm:pid0:drm_edid_block_valid] *ERROR* EDID checksum is invalid, remainder is 130 Raw EDID: 00 ff ff ff ff ff ff 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Re: Sudo no longer working with RADIUS logins after upgrade to 5.4
Should also add that a /usr/bin/sudo binary copied over from a 5.3 machine works as expected. Thanks, Andrew Klettke Systems Admin Optic Fusion On 11/06/2013 11:17 AM, Andrew Klettke wrote: We're seeing a strange issue where logging into a newly-upgraded 5.4 machine with a RADIUS login works fine, but when trying to use sudo to execute commands, I get incorrect password attempts in /var/log/secure. Transcript of this (server name censored to foo, user censored to user), log messages, and dmesg follow, any help or insight would be very much appreciated. Sudo worked perfectly fine with this same user before the upgrade: $ ssh foo user@foo's password: Last login: Wed Nov 6 11:04:55 2013 from .***.net OpenBSD 5.4 (GENERIC.MP) #44: Tue Jul 30 12:13:32 MDT 2013 Welcome to OpenBSD: The proactively secure Unix-like operating system. Please use the sendbug(1) utility to report bugs in the system. Before reporting a bug, please try to reproduce it with the latest version of the code. With bug reports, please try to ensure that enough information to reproduce the problem is enclosed, and if a known fix for it exists, include that as well. [foo:~]$ sudo whoami We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. Password: Where did you learn to type? Password: My pet ferret can type better than you! Password: Do you think like you type? sudo: 3 incorrect password attempts [foo:~]$ From /var/log/secure: Nov 6 11:11:11 foo sudo: user : 3 incorrect password attempts ; TTY=ttyp1 ; PWD=/home/user ; USER=root ; COMMAND=/usr/bin/whoami Dmesg: OpenBSD 5.4 (GENERIC.MP) #44: Tue Jul 30 12:13:32 MDT 2013 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,LAHF,PERF real mem = 2138222592 (2039MB) avail mem = 2091827200 (1994MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 07/10/09, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.5 @ 0xfd170 (27 entries) bios0: vendor American Megatrends Inc. version 1.0a date 07/10/2009 bios0: Supermicro X7SLA acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP APIC MCFG SLIC OEMB acpi0: wakeup devices P0P2(S4) P0P1(S4) PS2K(S4) PS2M(S4) EUSB(S4) MC97(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) LAN0(S1) P0P9(S4) LAN1(S1) USB0(S4) USB1(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 133MHz cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,LAHF,PERF cpu2 at mainbus0: apid 1 (application processor) cpu2: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz cpu2: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,LAHF,PERF cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz cpu3: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,LAHF,PERF ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 1, remapped to apid 4 acpimcfg0 at acpi0 addr 0xf000, bus 0-63 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (P0P2) acpiprt2 at acpi0: bus 4 (P0P1) acpiprt3 at acpi0: bus 1 (P0P4) acpiprt4 at acpi0: bus -1 (P0P5) acpiprt5 at acpi0: bus -1 (P0P6) acpiprt6 at acpi0: bus -1 (P0P7) acpiprt7 at acpi0: bus 2 (P0P8) acpiprt8 at acpi0: bus 3 (P0P9) acpicpu0 at acpi0 acpicpu1 at acpi0 acpicpu2 at acpi0 acpicpu3 at acpi0 acpibtn0 at acpi0: SLPB acpibtn1 at acpi0: PWRB bios0: ROM list: 0xc/0xaa00! pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82945G Host rev 0x02 vga1 at pci0 dev 2 function 0 Intel 82945G Video rev 0x02 intagp0 at vga1 agp0 at intagp0: aperture at 0xe000, size 0x1000 inteldrm0 at vga1 drm0 at inteldrm0 error: [drm:pid0:drm_edid_block_valid] *ERROR* EDID checksum is invalid, remainder is 130 Raw EDID: 00 ff ff ff ff ff ff 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Re: UEFI
On 11/06/13 10:53, sven falempin wrote: On Wed, Nov 6, 2013 at 10:44 AM, Peter N. M. Hansteen pe...@bsdly.netwrote: On Wed, Nov 06, 2013 at 09:49:44AM -0500, Mayuresh Kathe wrote: just install another 'os' like ubuntu-desktop on your laptop first. openbsd will install on it flawlessly after that, it did on mine. and yes, there was no need to change any options anywhere. On my daughter's brand spanking new Lenovo Ideapad $something Touch, we needed to set the BIOS to 'legacy mode' in order to have it boot into the Ubuntu installer and then choose some obscure linux kernel parameter for it to switch to a usable graphics mode for the installer to complete. For some reason she wanted her laptop on Ubuntu and to use it herself from that point on. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. Why you people are talking about your Lenovo experience ? are you salesman ? *facepalm* Sven, Thinkpads are still the best laptops out there. I have dealt with many others in the the last year, and thinkpads still rule. This W500 I bought 5 years ago is still running. None of the non-TP laptops friends bought in that time frame are still work. The quality of ALL laptops has gone downhill, but the thinkpads are still at the top of the list (even with the new wretched keyboards they have). Add the UEFI horror for non-Windows users and giving exact details becomes important. --STeve Andre' ps: Has anyone run OpenBSD on a System76 laptop?
Re: Sudo no longer working with RADIUS logins after upgrade to 5.4
Hey man, hope you're doing well. The new version of sudo definitely breaks radius support somehow. Old binary on newly-upgraded server, calling login_radius as expected: 32409 sudo CALL lstat(0xcfbda248,0xcfbd9fe0) 32409 sudo NAMI /usr/libexec/auth/login_radius 32409 sudo STRU struct stat { dev=1030, ino=1559049, mode=-r-xr-sr-x , nlink=1, uid=0, gid=63, rdev=6221688, atime=1383766914.276995603, mtime=1375206816, ctime=1383763312.710865788, size=14768, blocks=32, blksize=16384, flags=0x0, gen=0x79206db9 } 32409 sudo RET lstat 0 32409 sudo CALL socketpair(PF_LOCAL,SOCK_STREAM,0,0xcfbda1cc) 32409 sudo RET socketpair 0 32409 sudo CALL fork() 32409 sudo RET fork 4137/0x1029 32409 sudo CALL close(0x5) 32409 sudo RET close 0 32409 sudo CALL sigprocmask(SIG_BLOCK,~0) 32409 sudo RET sigprocmask 0 32409 sudo CALL mprotect(0x2cff2000,0x2000,0x3PROT_READ|PROT_WRITE) 32409 sudo RET mprotect 0 32409 sudo CALL mprotect(0x2cff2000,0x2000,0x1PROT_READ) 32409 sudo RET mprotect 0 32409 sudo CALL sigprocmask(SIG_SETMASK,0) 32409 sudo RET sigprocmask ~0x10100SIGKILL|SIGSTOP 32409 sudo CALL write(0x3,0x89efdeac,0x1) 32409 sudo GIO fd 3 wrote 1 bytes \0 32409 sudo RET write 1 32409 sudo CALL write(0x3,0x819f6a4c,0xa) 32409 sudo GIO fd 3 wrote 10 bytes \0 32409 sudo RET write 10/0xa 32409 sudo CALL read(0x3,0x7ec6b034,0x2000) 32409 sudo GIO fd 3 read 10 bytes authorize New binary on newly-upgraded server, no longer calling login_radius: 31629 sudo CALL lstat(0xcfbfc908,0xcfbfc6a0) 31629 sudo NAMI /usr/libexec/auth/login_passwd 31629 sudo STRU struct stat { dev=1030, ino=1559048, mode=-r-sr-xr-x , nlink=1, uid=0, gid=11, rdev=6233224, atime=1383766539.484583023, mtime=1375206816, ctime=1383763312.710865788, size=10256, blocks=24, blksize=16384, flags=0x0, gen=0xa0c01eca } 31629 sudo RET lstat 0 31629 sudo CALL socketpair(PF_LOCAL,SOCK_STREAM,0,0xcfbfc88c) 31629 sudo RET socketpair 0 31629 sudo CALL fork() 31629 sudo RET fork 23258/0x5ada 31629 sudo CALL close(0x5) 31629 sudo RET close 0 31629 sudo CALL sigprocmask(SIG_BLOCK,~0) 31629 sudo RET sigprocmask 0 31629 sudo CALL mprotect(0x2c105000,0x2000,0x3PROT_READ|PROT_WRITE) 31629 sudo RET mprotect 0 31629 sudo CALL mprotect(0x2c105000,0x2000,0x1PROT_READ) 31629 sudo RET mprotect 0 31629 sudo CALL sigprocmask(SIG_SETMASK,0) 31629 sudo RET sigprocmask ~0x10100SIGKILL|SIGSTOP 31629 sudo CALL write(0x3,0x7e83d5bc,0x1) 31629 sudo GIO fd 3 wrote 1 bytes \0 31629 sudo RET write 1 31629 sudo CALL write(0x3,0x8a96d20c,0xa) 31629 sudo GIO fd 3 wrote 10 bytes ***\0 31629 sudo RET write 10/0xa 31629 sudo CALL read(0x3,0x8a2d6034,0x2000) 31629 sudo GIO fd 3 read 7 bytes reject Thanks, Andrew Klettke Systems Admin Optic Fusion On 11/06/2013 11:28 AM, Bryan Irvine wrote: Now, that's interesting. ktrace that sucker. On Wed, Nov 6, 2013 at 11:22 AM, Andrew Klettke aklet...@opticfusion.net mailto:aklet...@opticfusion.net wrote: Should also add that a /usr/bin/sudo binary copied over from a 5.3 machine works as expected. Thanks, Andrew Klettke Systems Admin Optic Fusion On 11/06/2013 11:17 AM, Andrew Klettke wrote: We're seeing a strange issue where logging into a newly-upgraded 5.4 machine with a RADIUS login works fine, but when trying to use sudo to execute commands, I get incorrect password attempts in /var/log/secure. Transcript of this (server name censored to foo, user censored to user), log messages, and dmesg follow, any help or insight would be very much appreciated. Sudo worked perfectly fine with this same user before the upgrade: $ ssh foo user@foo's password: Last login: Wed Nov 6 11:04:55 2013 from .***.net OpenBSD 5.4 (GENERIC.MP http://GENERIC.MP) #44: Tue Jul 30 12:13:32 MDT 2013 Welcome to OpenBSD: The proactively secure Unix-like operating system. Please use the sendbug(1) utility to report bugs in the system. Before reporting a bug, please try to reproduce it with the latest version of the code. With bug reports, please try to ensure that enough information to reproduce the problem is enclosed, and if a known fix for it exists, include that as well. [foo:~]$ sudo whoami We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others.
Re: UEFI
sven falempin sven.falem...@gmail.com writes: The goal is to boot over usb, i had linux/windows/openbsd and more 10 years ago on a computer i do not want to have this madness again. Multibooting always has carried with it its own very special brand of pain, and more likely than not always will, to be liberally distributed to all comers. And of course with new and exciting varieties turning up every few weeks to keep our heroic developers busy and provide new thrills for all you other gluttons for punishment. The world has not turned into a saner place during the last decade, and even less so in that particular corner you seem to insist on seeking out. Despite your most determined efforts to the contrary, numerous bits of valuable and useful information have been offered to you, for free. Now please do yourself and everybody else a favor and try following some of that advice. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: UEFI
sven falempin wrote: The goal is to boot over usb, i had linux/windows/openbsd and more 10 years ago on a computer i do not want to have this madness again. I currently multiboot OpenBSD and Windows on my Lenovo (I'm their salesman too) laptop. And I did multiboot Linux and Windows 10 years ago (though I had only one OS in between). What madness are you talking about? -- Dmitrij D. Czarkoff
Re: Sudo no longer working with RADIUS logins after upgrade to 5.4
The only change I see to sudo between 5.3 and 5.4 that might be related is this one. You could try backing it out via patch -R and see if the old behavior is restored. - todd Index: sudo.c === RCS file: /home/cvs/openbsd/src/usr.bin/sudo/sudo.c,v retrieving revision 1.43 diff -u -r1.43 sudo.c --- sudo.c 8 Jul 2010 21:11:31 - 1.43 +++ sudo.c 6 Nov 2013 20:14:47 - @@ -305,7 +305,7 @@ log_error(NO_STDERR|NO_EXIT, problem with defaults entries); /* Set login class if applicable. */ -set_loginclass(sudo_user.pw); +set_loginclass(runas_pw ? runas_pw : sudo_user.pw); /* Update initial shell now that runas is set. */ if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
Re: Sudo no longer working with RADIUS logins after upgrade to 5.4
On 11/06/13 20:47, Andrew Klettke wrote: Hey man, hope you're doing well. The new version of sudo definitely breaks radius support somehow. Old binary on newly-upgraded server, calling login_radius as expected: 32409 sudo CALL lstat(0xcfbda248,0xcfbd9fe0) 32409 sudo NAMI /usr/libexec/auth/login_radius 32409 sudo STRU struct stat { dev=1030, ino=1559049, mode=-r-xr-sr-x , nlink=1, uid=0, gid=63, rdev=6221688, atime=1383766914.276995603, mtime=1375206816, ctime=1383763312.710865788, size=14768, blocks=32, blksize=16384, flags=0x0, gen=0x79206db9 } 32409 sudo RET lstat 0 32409 sudo CALL socketpair(PF_LOCAL,SOCK_STREAM,0,0xcfbda1cc) 32409 sudo RET socketpair 0 32409 sudo CALL fork() 32409 sudo RET fork 4137/0x1029 32409 sudo CALL close(0x5) 32409 sudo RET close 0 32409 sudo CALL sigprocmask(SIG_BLOCK,~0) 32409 sudo RET sigprocmask 0 32409 sudo CALL mprotect(0x2cff2000,0x2000,0x3PROT_READ|PROT_WRITE) 32409 sudo RET mprotect 0 32409 sudo CALL mprotect(0x2cff2000,0x2000,0x1PROT_READ) 32409 sudo RET mprotect 0 32409 sudo CALL sigprocmask(SIG_SETMASK,0) 32409 sudo RET sigprocmask ~0x10100SIGKILL|SIGSTOP 32409 sudo CALL write(0x3,0x89efdeac,0x1) 32409 sudo GIO fd 3 wrote 1 bytes \0 32409 sudo RET write 1 32409 sudo CALL write(0x3,0x819f6a4c,0xa) 32409 sudo GIO fd 3 wrote 10 bytes \0 32409 sudo RET write 10/0xa 32409 sudo CALL read(0x3,0x7ec6b034,0x2000) 32409 sudo GIO fd 3 read 10 bytes authorize New binary on newly-upgraded server, no longer calling login_radius: 31629 sudo CALL lstat(0xcfbfc908,0xcfbfc6a0) 31629 sudo NAMI /usr/libexec/auth/login_passwd 31629 sudo STRU struct stat { dev=1030, ino=1559048, mode=-r-sr-xr-x , nlink=1, uid=0, gid=11, rdev=6233224, atime=1383766539.484583023, mtime=1375206816, ctime=1383763312.710865788, size=10256, blocks=24, blksize=16384, flags=0x0, gen=0xa0c01eca } 31629 sudo RET lstat 0 31629 sudo CALL socketpair(PF_LOCAL,SOCK_STREAM,0,0xcfbfc88c) 31629 sudo RET socketpair 0 31629 sudo CALL fork() 31629 sudo RET fork 23258/0x5ada 31629 sudo CALL close(0x5) 31629 sudo RET close 0 31629 sudo CALL sigprocmask(SIG_BLOCK,~0) 31629 sudo RET sigprocmask 0 31629 sudo CALL mprotect(0x2c105000,0x2000,0x3PROT_READ|PROT_WRITE) 31629 sudo RET mprotect 0 31629 sudo CALL mprotect(0x2c105000,0x2000,0x1PROT_READ) 31629 sudo RET mprotect 0 31629 sudo CALL sigprocmask(SIG_SETMASK,0) 31629 sudo RET sigprocmask ~0x10100SIGKILL|SIGSTOP 31629 sudo CALL write(0x3,0x7e83d5bc,0x1) 31629 sudo GIO fd 3 wrote 1 bytes \0 31629 sudo RET write 1 31629 sudo CALL write(0x3,0x8a96d20c,0xa) 31629 sudo GIO fd 3 wrote 10 bytes ***\0 31629 sudo RET write 10/0xa 31629 sudo CALL read(0x3,0x8a2d6034,0x2000) 31629 sudo GIO fd 3 read 7 bytes reject What happens if you specifically request radius authentication, e.g. $ sudo -a radius whoami ? /Alexander Thanks, Andrew Klettke Systems Admin Optic Fusion On 11/06/2013 11:28 AM, Bryan Irvine wrote: Now, that's interesting. ktrace that sucker. On Wed, Nov 6, 2013 at 11:22 AM, Andrew Klettke aklet...@opticfusion.net mailto:aklet...@opticfusion.net wrote: Should also add that a /usr/bin/sudo binary copied over from a 5.3 machine works as expected. Thanks, Andrew Klettke Systems Admin Optic Fusion On 11/06/2013 11:17 AM, Andrew Klettke wrote: We're seeing a strange issue where logging into a newly-upgraded 5.4 machine with a RADIUS login works fine, but when trying to use sudo to execute commands, I get incorrect password attempts in /var/log/secure. Transcript of this (server name censored to foo, user censored to user), log messages, and dmesg follow, any help or insight would be very much appreciated. Sudo worked perfectly fine with this same user before the upgrade: $ ssh foo user@foo's password: Last login: Wed Nov 6 11:04:55 2013 from .***.net OpenBSD 5.4 (GENERIC.MP http://GENERIC.MP) #44: Tue Jul 30 12:13:32 MDT 2013 Welcome to OpenBSD: The proactively secure Unix-like operating system. Please use the sendbug(1) utility to report bugs in the system. Before reporting a bug, please try to reproduce it with the latest version of the code. With bug reports, please try to ensure that enough information to reproduce the problem is enclosed, and if a known fix for it exists, include that as well. [foo:~]$
Re: Sudo no longer working with RADIUS logins after upgrade to 5.4
On 11/06/2013 12:26 PM, Alexander Hall wrote: On 11/06/13 20:47, Andrew Klettke wrote: Hey man, hope you're doing well. The new version of sudo definitely breaks radius support somehow. Old binary on newly-upgraded server, calling login_radius as expected: 32409 sudo CALL lstat(0xcfbda248,0xcfbd9fe0) 32409 sudo NAMI /usr/libexec/auth/login_radius 32409 sudo STRU struct stat { dev=1030, ino=1559049, mode=-r-xr-sr-x , nlink=1, uid=0, gid=63, rdev=6221688, atime=1383766914.276995603, mtime=1375206816, ctime=1383763312.710865788, size=14768, blocks=32, blksize=16384, flags=0x0, gen=0x79206db9 } 32409 sudo RET lstat 0 32409 sudo CALL socketpair(PF_LOCAL,SOCK_STREAM,0,0xcfbda1cc) 32409 sudo RET socketpair 0 32409 sudo CALL fork() 32409 sudo RET fork 4137/0x1029 32409 sudo CALL close(0x5) 32409 sudo RET close 0 32409 sudo CALL sigprocmask(SIG_BLOCK,~0) 32409 sudo RET sigprocmask 0 32409 sudo CALL mprotect(0x2cff2000,0x2000,0x3PROT_READ|PROT_WRITE) 32409 sudo RET mprotect 0 32409 sudo CALL mprotect(0x2cff2000,0x2000,0x1PROT_READ) 32409 sudo RET mprotect 0 32409 sudo CALL sigprocmask(SIG_SETMASK,0) 32409 sudo RET sigprocmask ~0x10100SIGKILL|SIGSTOP 32409 sudo CALL write(0x3,0x89efdeac,0x1) 32409 sudo GIO fd 3 wrote 1 bytes \0 32409 sudo RET write 1 32409 sudo CALL write(0x3,0x819f6a4c,0xa) 32409 sudo GIO fd 3 wrote 10 bytes \0 32409 sudo RET write 10/0xa 32409 sudo CALL read(0x3,0x7ec6b034,0x2000) 32409 sudo GIO fd 3 read 10 bytes authorize New binary on newly-upgraded server, no longer calling login_radius: 31629 sudo CALL lstat(0xcfbfc908,0xcfbfc6a0) 31629 sudo NAMI /usr/libexec/auth/login_passwd 31629 sudo STRU struct stat { dev=1030, ino=1559048, mode=-r-sr-xr-x , nlink=1, uid=0, gid=11, rdev=6233224, atime=1383766539.484583023, mtime=1375206816, ctime=1383763312.710865788, size=10256, blocks=24, blksize=16384, flags=0x0, gen=0xa0c01eca } 31629 sudo RET lstat 0 31629 sudo CALL socketpair(PF_LOCAL,SOCK_STREAM,0,0xcfbfc88c) 31629 sudo RET socketpair 0 31629 sudo CALL fork() 31629 sudo RET fork 23258/0x5ada 31629 sudo CALL close(0x5) 31629 sudo RET close 0 31629 sudo CALL sigprocmask(SIG_BLOCK,~0) 31629 sudo RET sigprocmask 0 31629 sudo CALL mprotect(0x2c105000,0x2000,0x3PROT_READ|PROT_WRITE) 31629 sudo RET mprotect 0 31629 sudo CALL mprotect(0x2c105000,0x2000,0x1PROT_READ) 31629 sudo RET mprotect 0 31629 sudo CALL sigprocmask(SIG_SETMASK,0) 31629 sudo RET sigprocmask ~0x10100SIGKILL|SIGSTOP 31629 sudo CALL write(0x3,0x7e83d5bc,0x1) 31629 sudo GIO fd 3 wrote 1 bytes \0 31629 sudo RET write 1 31629 sudo CALL write(0x3,0x8a96d20c,0xa) 31629 sudo GIO fd 3 wrote 10 bytes ***\0 31629 sudo RET write 10/0xa 31629 sudo CALL read(0x3,0x8a2d6034,0x2000) 31629 sudo GIO fd 3 read 7 bytes reject What happens if you specifically request radius authentication, e.g. $ sudo -a radius whoami ? /Alexander Hi Alexander, I get the following: [foo:~]$ sudo -a radius whoami We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. Password: sudo: radius-server not configured stty: unknown mode: doofus Password: sudo: 1 incorrect password attempt [foo:~]$ Which is odd, and definitely incorrect, as it works with the old binary, and radius is set up correctly in login.conf (IP censored): radius:\ :auth=radius:\ :radius-server=***.***.***.***:\ :ignorenologin:\ :requirehome@:\ :radius-challenge-styles=login: Thanks, Andrew Klettke Systems Admin Optic Fusion Thanks, Andrew Klettke Systems Admin Optic Fusion On 11/06/2013 11:28 AM, Bryan Irvine wrote: Now, that's interesting. ktrace that sucker. On Wed, Nov 6, 2013 at 11:22 AM, Andrew Klettke aklet...@opticfusion.net mailto:aklet...@opticfusion.net wrote: Should also add that a /usr/bin/sudo binary copied over from a 5.3 machine works as expected. Thanks, Andrew Klettke Systems Admin Optic Fusion On 11/06/2013 11:17 AM, Andrew Klettke wrote: We're seeing a strange issue where logging into a newly-upgraded 5.4 machine with a RADIUS login works fine, but when trying to use sudo to execute commands, I get incorrect password attempts in /var/log/secure. Transcript of this (server name censored to foo, user censored to user), log messages, and dmesg follow, any help
Re: Sudo no longer working with RADIUS logins after upgrade to 5.4
On Wed, 06 Nov 2013 13:01:38 -0800, Andrew Klettke wrote: Which is odd, and definitely incorrect, as it works with the old binary, and radius is set up correctly in login.conf (IP censored): radius:\ :auth=radius:\ :radius-server=***.***.***.***:\ :ignorenologin:\ :requirehome@:\ :radius-challenge-styles=login: This is almost certainly caused by revision 1.45 of sudo.c. If you back that out (see my previous messages) and rebuild sudo that should fix it. Basically, sudo is using the authentication style of the destination user (in this case root) instead of the invoking user. A workaround may be to configure root to use radius authentication. - todd
Re: RJ11 on Alix 2d13 with OpenBSD
pardon all, no cannot, pls spent no more. is electronically different. apple(adsl) can't taste(talk) like(to) orange(ethernet). and pontetially, adsl voltage will damage ethernet card/port. -- Regards, Peter
OpenSMTPD won't start after last update
After rebuilding, OpenSMTPD suddenly yelled syntax errors in a previously working config file. Apparently 'certificate' on a listen statement has been replaced with pki, so I modified my config. It now looks starts like this: /etc/mail # egrep -v '^(#|$)' /etc/mail/smtpd.conf | head -6 pki core.Techn0.eu certificate /etc/mail/certs/core.Techn0.eu.crt pki core.Techn0.eu key /etc/mail/certs/core.Techn0.eu.key pki core.Techn0.eu dhparams /etc/mail/certs/core.Techn0.eu.dh listen on lo0 listen on em0 inet4 tls pki core.Techn0.eu hostname core.Techn0.eu listen on em0 inet4 smtps pki core.Techn0.eu auth hostname core.Techn0.eu /etc/mail # For some reason, it still fails to start, saying the certificate is missing: /etc/mail # smtpd -dv info: OpenSMTPD 5.4 starting debug: bounce warning after 4h debug: using fs queue backend debug: using ramqueue scheduler backend debug: using ram stat backend info: startup [debug mode] debug: init ssl-tree debug: loading pki information for core.techn0.eu smtpd: load_ssl_tree: missing certificate file for core.techn0.eu All the specified certificate/key/dh files are there and permissions seem not to be the issue, as I've tried with 644 and I still get the same error. Anything else I'm missing? Best regards, Nikola
wanna be sys admin question
I am soliciting opinions and some guidance on few very general sys admin questions. 1. What do people in general use to parse large amount of log files received in the form of e-mails? security/logsurfer and similar. I have seen some in the ports tree. 2. I just learned about www/racktables but it seems rather complicated. Are there some simpler tools with similar functionality which do not involve data bases and web interfaces. 3. Are there any advantages of graphics/dia over general purposes vectorial graphics programs like graphics/inkscape for drawing network topology. Thanks, Predrag
Re: Sudo no longer working with RADIUS logins after upgrade to 5.4
On Wed, Nov 06, 2013 at 14:29, Todd C. Miller wrote: Basically, sudo is using the authentication style of the destination user (in this case root) instead of the invoking user. A workaround may be to configure root to use radius authentication. Is this the correct behavior? As I understand it, when I run sudo, it asks for my password because it wants me to prove I'm me. I don't have to authenticate as the destination user, so why is the destination user's auth style being used?
Re: wanna be sys admin question
On 07 Nov 2013, at 06:09, Predrag Punosevac punoseva...@gmail.com wrote: I am soliciting opinions and some guidance on few very general sys admin questions. 1. What do people in general use to parse large amount of log files received in the form of e-mails? security/logsurfer and similar. I have seen some in the ports tree. Perl. You won’t be much of a sysadmin if you don’t take the time to master perl. 3. Are there any advantages of graphics/dia over general purposes vectorial graphics programs like graphics/inkscape for drawing network topology. Sure, dia has things like network shapes and connection points already included.
Re: OpenSMTPD won't start after last update
http://undeadly.org/cgi?action=articlesid=20131107073405mode=expandedcount=0 which points to: http://www.openbsd.org/faq/current.html#20131106 2013/11/7 Nikola Gyurov ngyu...@gmail.com After rebuilding, OpenSMTPD suddenly yelled syntax errors in a previously working config file. Apparently 'certificate' on a listen statement has been replaced with pki, so I modified my config. It now looks starts like this: /etc/mail # egrep -v '^(#|$)' /etc/mail/smtpd.conf | head -6 pki core.Techn0.eu certificate /etc/mail/certs/core.Techn0.eu.crt pki core.Techn0.eu key /etc/mail/certs/core.Techn0.eu.key pki core.Techn0.eu dhparams /etc/mail/certs/core.Techn0.eu.dh listen on lo0 listen on em0 inet4 tls pki core.Techn0.eu hostname core.Techn0.eu listen on em0 inet4 smtps pki core.Techn0.eu auth hostname core.Techn0.eu /etc/mail # For some reason, it still fails to start, saying the certificate is missing: /etc/mail # smtpd -dv info: OpenSMTPD 5.4 starting debug: bounce warning after 4h debug: using fs queue backend debug: using ramqueue scheduler backend debug: using ram stat backend info: startup [debug mode] debug: init ssl-tree debug: loading pki information for core.techn0.eu smtpd: load_ssl_tree: missing certificate file for core.techn0.eu All the specified certificate/key/dh files are there and permissions seem not to be the issue, as I've tried with 644 and I still get the same error. Anything else I'm missing? Best regards, Nikola -- May the most significant bit of your life be positive.
Areca HW-Raid Support ARC-1224
Hi, i'm currently looking for a openbsd compatible hw-raid solution. i ended up with areca. openbsd lists a number of supported devices. sadly nothing that can be found on the areca website. relevant openbsd supported products seem to be eol. the ARC-1224-8I ist quite intresting for my purpose, but not listed as supported by openbsd, but on the areca website there is sourcecode for a driver... http://www.areca.com.tw/support/s_openbsd/openbsd.htm Anyone tried that yet ? have things changed with license or something ? why do i need this external driver ? any other good (and supported) hw-raid pcie card out there ?
Re: OpenSMTPD won't start after last update
On Thu, Nov 07, 2013 at 02:23:43AM +, Nikola Gyurov wrote: [...] /etc/mail # egrep -v '^(#|$)' /etc/mail/smtpd.conf | head -6 pki core.Techn0.eu certificate /etc/mail/certs/core.Techn0.eu.crt pki core.Techn0.eu key /etc/mail/certs/core.Techn0.eu.key pki core.Techn0.eu dhparams /etc/mail/certs/core.Techn0.eu.dh [...] can you try with an all-lowercase hostname ? I think we're missing a call to lowercase() in our configuration parsing and I'll have a fix for that in a few minutes if you can confirm that it solves your issue too. -- Gilles Chehade https://www.poolp.org @poolpOrg